The University Information Security Policy & InfoSec one year on…. Tom Anstey Weatherall Institute of Molecular Medicine & InfoSec [email protected] http://www.it.ox.ac.uk/infosec/infosecproject/. The need for a Policy!. OxCERT led a Information Security Self-Assessment in 2007-2009.
Weatherall Institute of Molecular Medicine & InfoSec
OxCERT led a Information Security Self-Assessment in 2007-2009
ICTF staff + Council Secretariat
Governance: Central - year on…vs- Local
Identify the year on…problems – Risk Assessments
Includes liaison with:
Not just an IT issue
Flowchart for data encryption could be used for paper waste destruction protocol.
Finding a balance between security and usability.
This is where the power really is!
They’re now on board and understand the need for improved practices, and a local policy.
Improved understanding of a unit’s responsibility and liability.
… easy to read!
On-going work in progress
Aims to meet ISO2007:2005
Government cyber-security initiative
Fits in with other ox.ac.uk academic work
e.g. Andrew Martin, Sadie Creese et al.
EPIC on-line training year on…
Post mortem discussions year on…
Summary year on…